1. Field of the Invention
The present invention relates to a wireless communication system, and particularly to a wireless communication system including a plurality of wireless communication devices that form a network in an autonomous distributed manner, to a wireless communication device, to a processing method for the system and the device, and to a program that causes a computer to execute the method.
2. Description of the Related Art
As a mode of constructing a network by wireless means, an infrastructure wireless local area network (LAN) system is defined in the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard, whose security functions are specified by the IEEE 802.11i amendment. In this infrastructure wireless LAN system, the network is formed under the overall control of a wireless communication device called an access point (AP).
Besides the infrastructure wireless LAN system, the IEEE 802.11 standard defines an independent basic service set (IBSS) wireless LAN system. In this IBSS wireless LAN system, no specific access point exercises overall control; instead, the network is formed in an autonomous distributed manner through direct asynchronous wireless communication between arbitrary wireless communication devices operating as wireless terminals.
Likewise, in the mesh wireless LAN system proposed in IEEE 802.11s, the network is formed in an autonomous distributed manner through direct asynchronous wireless communication between wireless communication devices. In this mesh wireless LAN system, multi-hop communication with a wireless communication device that lies outside direct radio range is achieved by relaying via other wireless communication devices. Hereinafter, the IBSS wireless LAN system and the mesh wireless LAN system are referred to collectively as the autonomous distributed wireless LAN system.
For both the infrastructure wireless LAN system and the autonomous distributed wireless LAN system, an authentication scheme employing an authentication server (AS) according to IEEE 802.1X has been proposed as a means of enhancing security. In the infrastructure wireless LAN system, the authentication information of all wireless terminals is managed centrally by the authentication server, and the access point, for example, acts as an authentication proxy for the authentication server and relays the authentication protocol sequence between a wireless terminal and the authentication server. That is, in this system the role of each terminal is determined explicitly. The entity that acts as authentication proxy toward the authentication server on behalf of other wireless terminals is referred to as the authenticator, and the entity that undergoes authentication via the authenticator is referred to as the supplicant. In the autonomous distributed wireless LAN system, on the other hand, the roles of the individual wireless terminals are not defined explicitly; any wireless terminal may have to act as authenticator (and authentication server) while another wireless terminal acts as supplicant.
However, neither IEEE 802.11i nor IEEE 802.11s defines a specific authentication protocol, although both contemplate the use of IEEE 802.1X. To fill this gap, the Internet Engineering Task Force (IETF) specifies the Extensible Authentication Protocol (EAP), which is layered above IEEE 802.1X and leaves the concrete authentication method selectable, thereby providing flexibility and extensibility.
EAP realizes a concrete authentication method by being combined with a cryptographic protocol. The following description deals with the case in which Transport Layer Security (TLS) is used as that protocol; authentication based on EAP employing TLS is referred to as EAP-TLS authentication. In EAP-TLS authentication, mutual authentication using electronic certificates (public key certificates) is performed between the authentication server and the client. Although a certification authority (CA) must issue a public key certificate in advance to the authentication server and to each terminal, EAP-TLS authentication does not rely on passwords or the like and is known for its very high security (refer to e.g. B. Aboba and D. Simon, "PPP EAP TLS Authentication Protocol", RFC 2716, Network Working Group, IETF, http://www.ietf.org/rfc/rfc2716.txt, hereinafter referred to as Non-Patent Document 1).
However, in EAP-TLS authentication, connection is permitted to every entity holding a public key certificate, provided only that the certificate was issued by a certification authority that the authentication server trusts. In other words, the scheme verifies that the presented certificate is valid, but it has no mechanism for permitting authentication only to specific entities; which terminals are admitted must be decided by a separate authorization step that EAP-TLS itself does not provide.
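The following Go program is an added illustration of the preceding point and is not part of the present specification or of any cited document. Using only the standard library, it constructs a certification authority, issues certificates to two terminals, and shows that the certificate chain check an EAP-TLS server performs accepts both terminals, whereas a hypothetical allow-list check (the `authorize` function, keyed on the certificate subject, introduced here purely for illustration) is what restricts admission to a specific entity. The CA name and the terminal names are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA creates a self-signed CA certificate and key, standing in for the
// certification authority that issues certificates to server and terminals.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueTerminalCert has the CA issue an end-entity certificate to one wireless
// terminal, identified by the subject common name the CA places in it.
func issueTerminalCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, terminal string, serial int64) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: terminal},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyChain is the check an EAP-TLS server applies to the peer certificate: it must
// chain to a trusted CA, be valid now and be usable for client authentication.
func verifyChain(peer *x509.Certificate, trusted *x509.CertPool) error {
	_, err := peer.Verify(x509.VerifyOptions{
		Roots:     trusted,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// authorize adds the step EAP-TLS itself does not provide: after the chain
// check, admit only terminals named on the authenticator's allow-list. Keying
// the list on the subject common name is an assumption of this example.
func authorize(peer *x509.Certificate, trusted *x509.CertPool, allowed map[string]bool) error {
	if err := verifyChain(peer, trusted); err != nil {
		return fmt.Errorf("certificate rejected: %w", err)
	}
	if !allowed[peer.Subject.CommonName] {
		return fmt.Errorf("%q holds a valid certificate but is not authorized", peer.Subject.CommonName)
	}
	return nil
}

func main() {
	ca, caKey, err := newCA("Example Mesh CA") // constructed CA for the demo
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	allowed := map[string]bool{"terminal-A": true} // terminal-B is not an intended member
	for i, name := range []string{"terminal-A", "terminal-B"} {
		cert, err := issueTerminalCert(ca, caKey, name, int64(i+2))
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s: chain check=%v, allow-list check=%v\n", name, verifyChain(cert, trusted), authorize(cert, trusted, allowed))
	}
}
```

Running the program shows terminal-B passing the chain check with no error and failing only the allow-list check. The allow-list is the "authentication information" whose management the following paragraph discusses; in a deployment it would be keyed on a field the CA controls (here the subject common name) so that a terminal cannot choose its own entry.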
Permitting only specific entities requires managing some form of authentication information, and such management is generally complex. In the autonomous distributed wireless LAN system in particular, wireless terminals may move, so the set of terminals constituting the network changes from time to time, and a communication path for such management is not necessarily always available. Therefore, in order to control which subjects are authenticated in the autonomous distributed wireless LAN system, the authentication information of the wireless terminals needs to be distributed and managed efficiently.